10 Tips for Phrasing Employee Feedback in Reviews
Performance reviews inside cybersecurity teams carry unusually high stakes. Security analysts, incident responders, IT administrators, and compliance staff…
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...
TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion
The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs (CKGs) relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...
LLMs As Firmware Experts: A Runtime-Grown Tree-Of-Agents Framework
Large Language Models (LLMs) and their agent systems have recently demonstrated strong potential in automating code reasoning and vulnerability detection. However, when applied to large-scale firmware, their performance degrades due to the binary nature of firmware, complex dependency structures, a...
RulePilot: An LLM-Powered Agent for Security Rule Generation
The real-time demand for system security leads to the detection rules becoming an integral part of the intrusion detection life-cycle. Rule-based detection often identifies malicious logs based on the predefined grammar logic, requiring experts with deep domain knowledge for rule generation...
EUVD-2012-0315
Malware in sbrugna...
Enhancing Cyber Threat Hunting -- a Visual Approach with the Forensic Visualization Toolkit
In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses. Cyber threat hunting is a proactive and iterative process aimed at identifying and mitigating advanced threats that may go undetected by traditional security measures. Rathe...
Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At...
How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout
It sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented...
Systems-Theoretic and Data-Driven Security Analysis in ML-enabled Medical Devices
The integration of AI/ML into medical devices is rapidly transforming healthcare by enhancing diagnostic and treatment facilities. However, this advancement also introduces serious cybersecurity risks due to the use of complex and often opaque models, extensive interconnectivity, interoperability...
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Introduction: Security at a Tipping Point. Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today's threat landscape doesn't play by those rules. The sheer volume of telemetry, overlapping...
Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics
Explainable artificial intelligence (XAI) methods have become increasingly important in the context of explainable intrusion detection systems (X-IDSs) for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties...
InsightIDR AI Alert Triage Automatically Classifies Alerts with 99.93% Accuracy
Rapid7 AI Alert Triage helps SOC analysts quickly and accurately triage thousands of daily alerts, improving efficiency and enabling focus. One universal truth in Security Operations Centers (SOCs) is that analysts are overwhelmed by the high volume of alerts they receive. In a recent survey, SOC...
SOC Analysts - Reimagining Their Role Using AI
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts and sometimes IT teams who are doubling as SecOps must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work...
AI SOC Analysts: Propelling SecOps into the future
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert...
Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR
Co-authored by Mikayla Wyman and Ryan Blanchard. As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to...
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
Welcome to this week's edition of the Threat Source newsletter. Bidirectional communication is foundational to a well-built team regardless of environment. It's critical in information security to be able to drive a conversation up the ladder and down and not lose the critical elements. One of th...
Whispers from the Dark Web Cave. Cyberthreats in the Middle East
The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequence...
Ghidra data type archive for Windows driver functions
While reverse-engineering Windows drivers with Ghidra, it is common to encounter a function or data type that is not recognized during disassembly. This is because Ghidra does not natively include the majority of the definitions for data types and functions used by Windows drivers. Thankfully,...
Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure
The Storm-1575 group is known for frequently rebranding its phishing infrastructure. Recently, ANY.RUN analysts identified the deployment of…